aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_board.php2
-rw-r--r--phpBB/includes/acp/acp_language.php27
-rw-r--r--phpBB/includes/acp/acp_users.php6
-rw-r--r--phpBB/includes/auth/auth_db.php4
-rw-r--r--phpBB/includes/functions.php68
-rw-r--r--phpBB/includes/functions_acp.php2
-rw-r--r--phpBB/includes/mcp/mcp_front.php2
-rw-r--r--phpBB/includes/request/request.php125
-rw-r--r--phpBB/includes/request/type_cast_helper.php22
-rw-r--r--phpBB/includes/template/filter.php2
-rw-r--r--phpBB/includes/ucp/ucp_profile.php6
-rw-r--r--phpBB/includes/ucp/ucp_register.php4
12 files changed, 178 insertions, 92 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 575d05933f..322e1c55d8 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -53,6 +53,8 @@ class acp_board
'legend1' => 'ACP_BOARD_SETTINGS',
'sitename' => array('lang' => 'SITE_NAME', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => false),
'site_desc' => array('lang' => 'SITE_DESC', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => false),
+ 'site_home_url' => array('lang' => 'SITE_HOME_URL', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true),
+ 'site_home_text' => array('lang' => 'SITE_HOME_TEXT', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true),
'board_disable' => array('lang' => 'DISABLE_BOARD', 'validate' => 'bool', 'type' => 'custom', 'method' => 'board_disable', 'explain' => true),
'board_disable_msg' => false,
'default_lang' => array('lang' => 'DEFAULT_LANGUAGE', 'validate' => 'lang', 'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 2b19f93c75..2be1ccfc41 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -100,11 +100,25 @@ class acp_language
switch ($method)
{
case 'ftp':
- $transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+ $transfer = new ftp(
+ request_var('host', ''),
+ request_var('username', ''),
+ htmlspecialchars_decode($request->untrimmed_variable('password', '')),
+ request_var('root_path', ''),
+ request_var('port', ''),
+ request_var('timeout', '')
+ );
break;
case 'ftp_fsock':
- $transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+ $transfer = new ftp_fsock(
+ request_var('host', ''),
+ request_var('username', ''),
+ htmlspecialchars_decode($request->untrimmed_variable('password', '')),
+ request_var('root_path', ''),
+ request_var('port', ''),
+ request_var('timeout', '')
+ );
break;
default:
@@ -404,7 +418,14 @@ class acp_language
trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
}
- $transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+ $transfer = new $method(
+ request_var('host', ''),
+ request_var('username', ''),
+ htmlspecialchars_decode($request->untrimmed_variable('password', '')),
+ request_var('root_path', ''),
+ request_var('port', ''),
+ request_var('timeout', '')
+ );
if (($result = $transfer->open_session()) !== true)
{
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index b54257b04a..985a12d9ce 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -32,7 +32,7 @@ class acp_users
{
global $config, $db, $user, $auth, $template, $cache;
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
- global $phpbb_dispatcher;
+ global $phpbb_dispatcher, $request;
$user->add_lang(array('posting', 'ucp', 'acp/users'));
$this->tpl_name = 'acp_users';
@@ -770,8 +770,8 @@ class acp_users
'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)),
'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
'email' => strtolower(request_var('user_email', $user_row['user_email'])),
- 'new_password' => request_var('new_password', '', true),
- 'password_confirm' => request_var('password_confirm', '', true),
+ 'new_password' => $request->variable('new_password', '', true),
+ 'password_confirm' => $request->variable('password_confirm', '', true),
);
// Validation data - we do not check the password complexity setting here
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 76790e4dad..ac944532a5 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -41,6 +41,10 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for
global $db, $config;
global $request;
+ // Auth plugins get the password untrimmed.
+ // For compatibility we trim() here.
+ $password = trim($password);
+
// do not allow empty password
if (!$password)
{
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 834f57a38b..0c9421c12f 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2085,7 +2085,7 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
$on_page = floor($start_item / $per_page) + 1;
$url_delim = (strpos($base_url, '?') === false) ? '?' : ((strpos($base_url, '?') === strlen($base_url) - 1) ? '' : '&');
-
+
if ($reverse_count)
{
$start_page = ($total_pages > 5) ? $total_pages - 4 : 1;
@@ -2094,9 +2094,9 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
else
{
// What we're doing here is calculating what the "start" and "end" pages should be. We
- // do this by assuming pagination is "centered" around the currently active page with
- // the three previous and three next page links displayed. Anything more than that and
- // we display the ellipsis, likewise anything less.
+ // do this by assuming pagination is "centered" around the currently active page with
+ // the three previous and three next page links displayed. Anything more than that and
+ // we display the ellipsis, likewise anything less.
//
// $start_page is the page at which we start creating the list. When we have five or less
// pages we start at page 1 since there will be no ellipsis displayed. Anymore than that
@@ -2115,18 +2115,18 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
if ($on_page != $total_pages)
{
$template->assign_block_vars($block_var_name, array(
- 'PAGE_NUMBER' => '',
+ 'PAGE_NUMBER' => '',
'PAGE_URL' => $base_url . $url_delim . $start_name . '=' . ($on_page * $per_page),
- 'S_IS_CURRENT' => false,
- 'S_IS_PREV' => false,
- 'S_IS_NEXT' => true,
- 'S_IS_ELLIPSIS' => false,
+ 'S_IS_CURRENT' => false,
+ 'S_IS_PREV' => false,
+ 'S_IS_NEXT' => true,
+ 'S_IS_ELLIPSIS' => false,
));
- }
+ }
// This do...while exists purely to negate the need for start and end assign_block_vars, i.e.
- // to display the first and last page in the list plus any ellipsis. We use this loop to jump
- // around a little within the list depending on where we're starting (and ending).
+ // to display the first and last page in the list plus any ellipsis. We use this loop to jump
+ // around a little within the list depending on where we're starting (and ending).
$at_page = 1;
do
{
@@ -2137,17 +2137,17 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
// of those points and of course do we even need to display it, i.e. is the list starting
// on at least page 3 and ending three pages before the final item.
$template->assign_block_vars($block_var_name, array(
- 'PAGE_NUMBER' => $at_page,
+ 'PAGE_NUMBER' => $at_page,
'PAGE_URL' => $page_url,
- 'S_IS_CURRENT' => (!$ignore_on_page && $at_page == $on_page),
- 'S_IS_NEXT' => false,
- 'S_IS_PREV' => false,
- 'S_IS_ELLIPSIS' => ($at_page == 2 && $start_page > 2) || ($at_page == $total_pages - 1 && $end_page < $total_pages - 1),
+ 'S_IS_CURRENT' => (!$ignore_on_page && $at_page == $on_page),
+ 'S_IS_NEXT' => false,
+ 'S_IS_PREV' => false,
+ 'S_IS_ELLIPSIS' => ($at_page == 2 && $start_page > 2) || ($at_page == $total_pages - 1 && $end_page < $total_pages - 1),
));
- // We may need to jump around in the list depending on whether we have or need to display
+ // We may need to jump around in the list depending on whether we have or need to display
// the ellipsis. Are we on page 2 and are we more than one page away from the start
- // of the list? Yes? Then we jump to the start of the list. Likewise are we at the end of
+ // of the list? Yes? Then we jump to the start of the list. Likewise are we at the end of
// the list and are there more than two pages left in total? Yes? Then jump to the penultimate
// page (so we can display the ellipsis next pass). Else, increment the counter and keep
// going
@@ -2169,18 +2169,18 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
if ($on_page != 1)
{
$template->assign_block_vars($block_var_name, array(
- 'PAGE_NUMBER' => '',
+ 'PAGE_NUMBER' => '',
'PAGE_URL' => $base_url . $url_delim . $start_name . '=' . (($on_page - 2) * $per_page),
- 'S_IS_CURRENT' => false,
- 'S_IS_PREV' => true,
- 'S_IS_NEXT' => false,
- 'S_IS_ELLIPSIS' => false,
+ 'S_IS_CURRENT' => false,
+ 'S_IS_PREV' => true,
+ 'S_IS_NEXT' => false,
+ 'S_IS_ELLIPSIS' => false,
));
}
}
/**
-* Return current page
+* Return current page
* This function also sets certain specific template variables
*
* @param object $template the template object
@@ -2200,9 +2200,9 @@ function phpbb_on_page($template, $user, $base_url, $num_items, $per_page, $star
$template->assign_vars(array(
'PER_PAGE' => $per_page,
- 'ON_PAGE' => $on_page,
-
- 'A_BASE_URL' => addslashes($base_url),
+ 'ON_PAGE' => $on_page,
+
+ 'A_BASE_URL' => addslashes($base_url),
));
return sprintf($user->lang['PAGE_OF'], $on_page, max(ceil($num_items / $per_page), 1));
@@ -3044,11 +3044,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error('NO_AUTH_ADMIN');
}
- $password = request_var('password_' . $credential, '', true);
+ $password = $request->untrimmed_variable('password_' . $credential, '', true);
}
else
{
- $password = request_var('password', '', true);
+ $password = $request->untrimmed_variable('password', '', true);
}
$username = request_var('username', '', true);
@@ -3377,7 +3377,7 @@ function parse_cfg_file($filename, $lines = false)
$parsed_items[$key] = $value;
}
-
+
if (isset($parsed_items['parent']) && isset($parsed_items['name']) && $parsed_items['parent'] == $parsed_items['name'])
{
unset($parsed_items['parent']);
@@ -4147,7 +4147,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
echo ' </div>';
echo ' </div>';
echo ' <div id="page-footer">';
- echo ' Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
+ echo ' Powered by <a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
echo ' </div>';
echo '</div>';
echo '</body>';
@@ -4994,6 +4994,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'L_LOGIN_LOGOUT' => $l_login_logout,
'L_INDEX' => $user->lang['FORUM_INDEX'],
+ 'L_SITE_HOME' => ($config['site_home_text'] !== '') ? $config['site_home_text'] : $user->lang['HOME'],
'L_ONLINE_EXPLAIN' => $l_online_time,
'U_PRIVATEMSGS' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
@@ -5005,6 +5006,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'U_LOGIN_LOGOUT' => $u_login_logout,
'U_INDEX' => append_sid("{$phpbb_root_path}index.$phpEx"),
'U_SEARCH' => append_sid("{$phpbb_root_path}search.$phpEx"),
+ 'U_SITE_HOME' => $config['site_home_url'],
'U_REGISTER' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
'U_PROFILE' => append_sid("{$phpbb_root_path}ucp.$phpEx"),
'U_MODCP' => append_sid("{$phpbb_root_path}mcp.$phpEx", false, true, $user->session_id),
@@ -5168,7 +5170,7 @@ function page_footer($run_cron = true)
$template->assign_vars(array(
'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '',
'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
- 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group'),
+ 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group'),
'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
);
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index 2f0188289b..11cc1f6dd8 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -172,7 +172,7 @@ function adm_page_footer($copyright_html = true)
'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '',
'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
'S_COPYRIGHT_HTML' => $copyright_html,
- 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group'),
+ 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group'),
'T_JQUERY_LINK' => ($config['load_jquery_cdn'] && !empty($config['load_jquery_url'])) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery.js",
'S_JQUERY_FALLBACK' => ($config['load_jquery_cdn']) ? true : false,
'VERSION' => $config['version'])
diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php
index 13398e62bc..ba4b15895a 100644
--- a/phpBB/includes/mcp/mcp_front.php
+++ b/phpBB/includes/mcp/mcp_front.php
@@ -251,7 +251,7 @@ function mcp_front_view($id, $mode, $action)
'ORDER_BY' => 'p.message_time DESC',
);
- $sql_ary = $db->sql_build_query('SELECT', $sql_ary);
+ $sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query_limit($sql, 5);
$pm_by_id = $pm_list = array();
diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php
index 4e425dbd27..a06fc0d85d 100644
--- a/phpBB/includes/request/request.php
+++ b/phpBB/includes/request/request.php
@@ -200,46 +200,31 @@ class phpbb_request implements phpbb_request_interface
*/
public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST)
{
- $path = false;
-
- // deep direct access to multi dimensional arrays
- if (is_array($var_name))
- {
- $path = $var_name;
- // make sure at least the variable name is specified
- if (empty($path))
- {
- return (is_array($default)) ? array() : $default;
- }
- // the variable name is the first element on the path
- $var_name = array_shift($path);
- }
-
- if (!isset($this->input[$super_global][$var_name]))
- {
- return (is_array($default)) ? array() : $default;
- }
- $var = $this->input[$super_global][$var_name];
-
- if ($path)
- {
- // walk through the array structure and find the element we are looking for
- foreach ($path as $key)
- {
- if (is_array($var) && isset($var[$key]))
- {
- $var = $var[$key];
- }
- else
- {
- return (is_array($default)) ? array() : $default;
- }
- }
- }
-
- $this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
+ return $this->_variable($var_name, $default, $multibyte, $super_global, true);
+ }
- return $var;
+ /**
+ * Get a variable, but without trimming strings.
+ * Same functionality as variable(), except does not run trim() on strings.
+ * This method should be used when handling passwords.
+ *
+ * @param string|array $var_name The form variable's name from which data shall be retrieved.
+ * If the value is an array this may be an array of indizes which will give
+ * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
+ * then specifying array("var", 1) as the name will return "a".
+ * @param mixed $default A default value that is returned if the variable was not set.
+ * This function will always return a value of the same type as the default.
+ * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
+ * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
+ * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global
+ * Specifies which super global should be used
+ *
+ * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
+ * the same as that of $default. If the variable is not set $default is returned.
+ */
+ public function untrimmed_variable($var_name, $default, $multibyte, $super_global = phpbb_request_interface::REQUEST)
+ {
+ return $this->_variable($var_name, $default, $multibyte, $super_global, false);
}
/**
@@ -351,4 +336,66 @@ class phpbb_request implements phpbb_request_interface
return array_keys($this->input[$super_global]);
}
+
+ /**
+ * Helper function used by variable() and untrimmed_variable().
+ *
+ * @param string|array $var_name The form variable's name from which data shall be retrieved.
+ * If the value is an array this may be an array of indizes which will give
+ * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
+ * then specifying array("var", 1) as the name will return "a".
+ * @param mixed $default A default value that is returned if the variable was not set.
+ * This function will always return a value of the same type as the default.
+ * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
+ * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
+ * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global
+ * Specifies which super global should be used
+ * @param bool $trim Indicates whether trim() should be applied to string values.
+ *
+ * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
+ * the same as that of $default. If the variable is not set $default is returned.
+ */
+ protected function _variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST, $trim = true)
+ {
+ $path = false;
+
+ // deep direct access to multi dimensional arrays
+ if (is_array($var_name))
+ {
+ $path = $var_name;
+ // make sure at least the variable name is specified
+ if (empty($path))
+ {
+ return (is_array($default)) ? array() : $default;
+ }
+ // the variable name is the first element on the path
+ $var_name = array_shift($path);
+ }
+
+ if (!isset($this->input[$super_global][$var_name]))
+ {
+ return (is_array($default)) ? array() : $default;
+ }
+ $var = $this->input[$super_global][$var_name];
+
+ if ($path)
+ {
+ // walk through the array structure and find the element we are looking for
+ foreach ($path as $key)
+ {
+ if (is_array($var) && isset($var[$key]))
+ {
+ $var = $var[$key];
+ }
+ else
+ {
+ return (is_array($default)) ? array() : $default;
+ }
+ }
+ }
+
+ $this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim);
+
+ return $var;
+ }
}
diff --git a/phpBB/includes/request/type_cast_helper.php b/phpBB/includes/request/type_cast_helper.php
index 561e8fc251..1a5274ed14 100644
--- a/phpBB/includes/request/type_cast_helper.php
+++ b/phpBB/includes/request/type_cast_helper.php
@@ -93,15 +93,23 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
* @param mixed $type The variable type. Will be used with {@link settype()}
* @param bool $multibyte Indicates whether string values may contain UTF-8 characters.
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
+ * @param bool $trim Indicates whether trim() should be applied to string values.
+ * Default is true.
*/
- public function set_var(&$result, $var, $type, $multibyte = false)
+ public function set_var(&$result, $var, $type, $multibyte = false, $trim = true)
{
settype($var, $type);
$result = $var;
if ($type == 'string')
{
- $result = trim(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result));
+ $result = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result);
+
+ if ($trim)
+ {
+ $result = trim($result);
+ }
+
$result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8');
if ($multibyte)
@@ -141,8 +149,10 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
* @param bool $multibyte Indicates whether string keys and values may contain UTF-8 characters.
* Default is false, causing all bytes outside the ASCII range (0-127) to
* be replaced with question marks.
+ * @param bool $trim Indicates whether trim() should be applied to string values.
+ * Default is true.
*/
- public function recursive_set_var(&$var, $default, $multibyte)
+ public function recursive_set_var(&$var, $default, $multibyte, $trim = true)
{
if (is_array($var) !== is_array($default))
{
@@ -153,7 +163,7 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
if (!is_array($default))
{
$type = gettype($default);
- $this->set_var($var, $var, $type, $multibyte);
+ $this->set_var($var, $var, $type, $multibyte, $trim);
}
else
{
@@ -174,9 +184,9 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
foreach ($_var as $k => $v)
{
- $this->set_var($k, $k, $key_type, $multibyte, $multibyte);
+ $this->set_var($k, $k, $key_type, $multibyte);
- $this->recursive_set_var($v, $default_value, $multibyte);
+ $this->recursive_set_var($v, $default_value, $multibyte, $trim);
$var[$k] = $v;
}
}
diff --git a/phpBB/includes/template/filter.php b/phpBB/includes/template/filter.php
index ad2e35de6a..abee32c8f7 100644
--- a/phpBB/includes/template/filter.php
+++ b/phpBB/includes/template/filter.php
@@ -209,7 +209,7 @@ class phpbb_template_filter extends php_user_filter
*/
- $data = preg_replace('~(?<!^)(<\?php(?:(?<!\?>).)+(?<!/\*\*/)\?>)$~m', "$1\n", $data);
+ $data = preg_replace('~(?<!^)(<\?php.+(?<!/\*\*/)\?>)$~m', "$1\n", $data);
$data = str_replace('/**/?>', "?>\n", $data);
$data = str_replace('?><?php', '', $data);
return $data;
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 2ac82fb52f..89bf20a30f 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -46,9 +46,9 @@ class ucp_profile
$data = array(
'username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)),
'email' => strtolower(request_var('email', $user->data['user_email'])),
- 'new_password' => request_var('new_password', '', true),
- 'cur_password' => request_var('cur_password', '', true),
- 'password_confirm' => request_var('password_confirm', '', true),
+ 'new_password' => $request->variable('new_password', '', true),
+ 'cur_password' => $request->variable('cur_password', '', true),
+ 'password_confirm' => $request->variable('password_confirm', '', true),
);
add_form_key('ucp_reg_details');
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 6ce53a79ab..c57aec00a0 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -170,8 +170,8 @@ class ucp_register
$data = array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),
- 'new_password' => request_var('new_password', '', true),
- 'password_confirm' => request_var('password_confirm', '', true),
+ 'new_password' => $request->variable('new_password', '', true),
+ 'password_confirm' => $request->variable('password_confirm', '', true),
'email' => strtolower(request_var('email', '')),
'lang' => basename(request_var('lang', $user->lang_name)),
'tz' => request_var('tz', $timezone),
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-14 16:56:17 +0000